Virtual group maintenance and security

ABSTRACT

A method for providing security and maintenance of a group of devices using a group of tags. Each of the tags is attached to a device and includes a radio frequency transceiver for intercommunicating using ultra-wide band signals. Using the intercommunication, distance between two of the tags is determined and an alarm is triggered when the distance is greater than a threshold distance. The distance is preferably determined by measuring a round trip delay time between the transmission of a transmitted unicast signal to the other tag and reception of a unicast response signal in response to the transmitted signal. A configuration mechanism is typically used for configuring the group and removed upon completing the configuration, and the tags maintain the group and provide security by the intercommunication between the tags. The tags are preferably synchronized to transmit and receive solely during a previously determined periodic sequence of time intervals.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to and is a continuation of U.S.application Ser. No. 12/092,583, filed Oct. 12, 2008, which was anational stage filing under 35 U.S.C. 371 of International ApplicationNo. PCT/IL06/01288, filed Nov. 8, 2006, which International Applicationwas published by the International Bureau in English on May 18, 2007,which claims priority to and is a nonprovisional of U.S. Application No.60/734,780, filed Nov. 9, 2005. U.S. application Ser. Nos. 12/092,583and 60/734,780, and International Application No. PCT/IL06/01288 arehereby incorporated by reference in their entireties.

FIELD OF THE INVENTION

The present invention relates to asset management using a radiofrequency identification system and in particular the present inventionincludes active RFID tags which have a security function without thepresence of an active reader in the vicinity of the RFID tags. The mostpreferred implementations use ultra-wide band active RFID tags.

BACKGROUND OF THE INVENTION

Reference is made to FIG. 1 a prior art system 101 for securing a groupof elements or devices. Five RFID tags 10-14 are each attached to one ofthe devices. A monitor 100, a central controller of the system, monitorstags 10-14 by communicating with each of tags 10-14. The term “reader”is also used herein interchangeably to refer to a central controller ormonitor 100. Prior art system 101 of FIG. 1 can be described ascentralized. Monitor e.g. an RFID reader 100, monitors one or more RFIDtags 10,11,12,13,14. Monitor 100 typically functions differently fromtags 10-14. The main function of monitor 100 is to maintain groupintegrity. Any missing item, e.g. tag from the group is detected bymonitor 100 and an action, e.g. an alarm, previously programmed intomonitor 100 is activated. Other possible actions include reporting asecurity breach, or disabling a device for instance attached to one oftags 10-14. A system similar to system 10 is described in US PatentApplication Publication No. 2005/0148339, “Personal Item Monitor UsingRadio Frequency Identification” disclosed by R. Boman et al. A personalitem monitoring system includes a monitor having a transmitter and areceiver located therein. A radio frequency identification (RFID) tag isadapted, coupled or pre-installed into a personal item. The monitoremits a radio frequency signal received by the radio frequencyidentification tag, and the radio frequency identification tag emits aresponding signal if within a detection range. The monitor then alerts auser if the radio identification tag leaves the range of detection.

In US Patent Application Publication No. 2005/0151623, “PDA SecuritySystem” disclosed by G. Von Hoffman, a system is described which securesa device such as a personal digital assistant (PDA) or a mobile phone,by requiring an ‘authentication process’ between the device and anotherspecific element. If an alarm state occurs, when the specific elementdoes not answer, or the specific element is not within the given rangefrom the calling device, some selected functions of the calling devicewill be disabled.

In many applications the cost of a relatively expensive monitor (e.g.RFID reader 100), is typically more than hundred times the cost of anRFID tag. If a group of tagged devices includes about ten elements, theinclusion of monitor 100 increases the cost of implementation bytenfold. If monitor 100 is absent from centralized system 10, ormalfunctioning, the modified system 10 cannot maintain any level ofsecurity. Furthermore, in prior art system 101 none of the tags 10-14know about the existence of the any other tags 10-14 in the group, soinformation such as a list of members of the group cannot be obtainedfrom any tag 10-14. A further limitation of prior art system 101 andother systems, is the inaccuracy of the range threshold in which thealarm is triggered. In the absence of an accurate distance measurement,system 10 may either trigger an alarm when the tagged devices are stillclose to each other, or too late, when one of tags 10-14 has beenremoved without prior authorization and the security breach is notprevented. In fact, prior art systems typically do not perform anydistance determination measurement but rather than rely on attenuationof the RF signals which results in range varying by an order ofmagnitude because of differences in RF attenuation, reflections andmultipath interference throughout the RF propagation paths betweenmonitor 100 and tags 10-14. The lack of accurate range determinationcreates an increased potential for security breaches in prior artsystems 10.

Another potential security breach known as “remote pickpocketing” isdescribed in the article, Z. Kfir and A. Wool, Picking Virtual PocketsUsing Relay Attacks on Contactless Smartcard Systems, (Cryptology ePrintArchive, Report 2005). A contactless smart card is a smart card that cancommunicate with other devices without any physical connection,typically using Radio-Frequency Identifier (RFID) technology.Contactless smart cards are becoming increasingly popular, withapplications like credit-cards, national-ID, passports, physical access.The security of such applications is clearly critical. A key feature ofRFID-based systems is their very short range: typical systems aredesigned to operate at a range of ˜10 cm to ˜50 cm. Contactless smartcard technology is vulnerable to relay attacks: An attacker can trickthe reader into communicating with a victim smart card that is very faraway. A ‘low-tech” attacker can build a pick-pocket system that canremotely use a victim contactless smart card, without the victim'sknowledge. The attack system consists of two devices, a “ghost” and a“leech”. The ghost can be up to 50 m away from the card reader, twoorders of magnitude higher than the nominal range. The leech can be upto 50 cm away from the victim card. The main characteristics of theattack are: orthogonality to any security protocol, unlimited distancebetween the attacker and the victim, and low cost of the attack system.The attack using a ghost and leech on a contactless smart card can bemade very difficult if an accurate distance determination measurement isperformed to the contactless smart card.

There is thus a need for, and it would be highly advantageous to have asystem and virtual group maintenance and security which overcomes thedisadvantages of prior art centralized RFID systems, and particularly anon-centralized system in which additionally accurate rangedetermination is provided.

The term “ultra-wide band” (UWB) as used herein is defined (by FCC andITU-R) in terms of a transmission from an antenna for which the emittedsignal bandwidth exceeds the lesser of 500 MHz or 20% center frequency.One type of ultra-wide band (UWB) communication technology employsdiscrete pulses of electromagnetic energy that are emitted at forexample, nanoseconds to microsecond intervals. For this reason, thistype of ultra-wide band is often called “impulse radio.” A UWB pulse isa single electromagnetic burst of energy. A UWB pulse can be either asingle positive burst of electromagnetic energy, or a single negativeburst of electromagnetic energy, or a series of pulses. Ref:http://en.wikipedia.org/wiki/Ultra_wide band.

Reference is now made to FIG. 2 (prior art) which illustrates the use ofultra-wide band signals (UWB) in an RFID system 101 of the prior art(described in PCT/IL2003/00358, publication No. WO/2003/098528),entitled “Method and system for distance determination of RF tags”incorporated herein by reference for all purposes as if fully set forthherein. As described in WO/2003/098528, reader 100 transmits a shortpulse sequence representing symbol 205. The ultra-wide band signal isorganized into three intervals including three parts: a preamble, dataand a response period. In each of the parts, symbols 205 are transmittedby means of pulse transmissions, where the time between symbols isdenoted T₁ typically on the order of 20 microseconds. The pulse sequencetransmission duration T₂ for each symbol is substantially shorter thanT₁, typically ˜100 nanoseconds. Such short sequence of pulses arebeneficial for reducing the peak to average ratio of the transmitter,both for easier implementation and for complying with regulatory peakpower limits where applicable. As an example in a pulse train, eachpulse sequence 205 is composed of N e.g. 11 narrow pulses, each with apolarity determined by a binary sequence which is chosen forautocorrelation and synchronization properties with a flat spectrum.Tags 03 a and 03 b respond respectively with pulse sequences 207 a and207 b also with time interval T₂ of about 100 nanoseconds and timeinterval T₁ between pulse sequences 207 (on the order of 20microseconds, as mentioned above). The use of very short pulse sequences205 and 207 with a long time interval between pulse sequences 205 and207 allows a relatively large number of parallel-links between reader100 and multiple tags 03 a and 03 b. According to one of the embodimentsdisclosed in WO/2003/098528, reader 100 receives one or more ultra-wideband response signals, respectively from one or more tags typicallyincluding overlapping wide band response signals from different tags.Reader 100 detects the response sequence and decides whether one or moretags answered the ultra-wide band interrogation signal transmitted byreader 100. Reader 100 determines the round trip delay betweentransmitting the interrogation signal and receiving the response signalsand from the round trip delay an accurate distance measurement to tags03 a and 03 b is obtained.

The terms “device”, “item” and “object” are used herein interchangeablywhen referring to devices, items and objects attached to tags.

The term “determination of a distance” refers a method to determinedistance absolutely or a relatively measurement of distance, notestimating of distance based on radio frequency attenuation which isdependent on radio frequency, propagation characteristics.

SUMMARY OF THE INVENTION

According to the present invention there is provided a method forproviding security and maintenance using a group of tags. Each of thetags includes a radio frequency transceiver for intercommunicatingbetween the tags, preferably using ultra-wide band signals. Using theintercommunication, distance between two of the tags is determined andan alarm is triggered when the distance is greater than a previouslydefined threshold distance. The distance is preferably determined bymeasuring a round trip delay time between the transmission of atransmitted signal to the other tag and reception of a response signalin response to the transmitted signal from the other tag. The distanceis preferably determined by measuring a time delay between transmittingan ultra-wide band message and receiving a ultra-wide band responsemessage. Intercommunication between the tags preferably relaysinformation regarding completeness of the group, between the tags of thegroup. The intercommunication preferably uses ultra-wide band signalswhich relay information regarding completeness of the group between thetags of the group. A configuration mechanism, for instance integratedinto a removable reader, is typically used for configuring the group.The configuration of the group typically includes: adding a tag to thegroup, removing a tag from the group, programming which tagsintercommunicate with each other and storing in the tags a parameterproportional to the previously defined threshold distance. Uponcompleting the configuration, the configuration mechanism, e.g. readeror monitor, may be removed and the tags maintain the group and providesecurity by intercommunication between the tags. The tags are preferablysynchronized to transmit and receive solely during a previouslydetermined periodic time interval, for efficient protocol and powersaving. One or more parameters that define the intercommunicationprotocol, e.g. duration, period, timeout is preferably stored in memoryof each of the tags during the configuration. The synchronizationbetween the tags insures that an addressed tag is receiving when anothertag is transmitting and is preferably performed by transmitting beaconsignals from one or more tags to other tags. In some embodiments thesynchronization packets and the maintenance packets are the same. Thetags preferably switch into a sleep mode outside of the time intervaland switch to an active mode during the time interval, in order toconserve battery power. The intercommunication between the tags of thegroup preferably includes either multicast or broadcast ultra-wide bandtransmitted messages, and a decision by any one tag of the group totransmit within a time frame is probabilistic typically based on anestimate of traffic within the group or the decision is deterministicaccording to a previously defined ordering algorithm. Alternatively,intercommunication between the tags of the group includes transmittingunicast ultra-wide band transmitted messages and receiving unicastresponse messages to relay information regarding completeness of thegroup between the tags of the group. The intercommunication is performedduring a time interval, which is sufficiently long so that the first tagof the group to interrogate receives an interrogation signal from thelast of the group to interrogate, and outside the time interval all thetags switch into a sleep mode, thereby conserving battery power. Thealarm is preferably either a sound, a light, an alarm record stored inone or more tags, a transmitted alarm message, and/or a commanddisabling a device, e.g. mobile telephone attached to one of the tags.When the alarm is logged in memory as an alarm record stored in one ormore of the tags, the alarm record is retrieved upon querying by areader in temporary communication with the one or more of the tags, oris conveyed as soon as any of the tags with the record are detecting anearby relevant reader.

According to the present invention there is provided a system includinga group of tags. Each of the tags includes a radio frequency transceiverfor intercommunicating between the tags using ultra-wide band signalsand the tags determine a distance to another tag by using theintercommunication. An alarm mechanism triggers an alarm when thedistance is greater than a previously defined threshold distance. Thedistance is determined by measuring a round trip delay time between thetransmission of a transmitted signal to the other tag and the receptionof a response signal in response to the transmitted signal from theother tag. A configuration mechanism is preferably used to add a tag tothe group, remove a tag from the group, to program one or more tags tointercommunicate with said another tag and to store a parameterproportional to the previously defined threshold distance.

The intercommunication between the tags of the group includes usingunicast ultra-wide band transmitted messages and receiving unicastresponse messages to relay information regarding completeness of thegroup between the tags of the group, The intercommunication ispreferably performed during a time interval, the time interval issufficiently long so that the first tag of the group to interrogatereceives an interrogation signal from the last of the group tointerrogate and outside the time interval all the tags switch into asleep mode, thereby conserving battery power.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is herein described, by way of example only, withreference to the accompanying drawings, wherein:

FIG. 1 is a simplified schematic drawing of a conventional radiofrequency identification (RFID) system of the prior art;

FIG. 2 is a prior art drawing which illustrates ultra wide bandsignaling in a conventional RFID system;

FIG. 2 a is a simplified schematic drawing of a group of RFID tags,according to a embodiment of the present invention;

FIG. 2 b is a simplified schematic drawing of a group of RFID tags,according to another embodiment of the present invention;

FIG. 3 is a simplified flow drawing of a process, according to anotherembodiment of the present invention;

FIG. 4 a and FIG. 4 b schematically illustrate different mechanisms forgenerating an alarm, according to embodiments of the present invention.

In the Figures, tags labeled with two digit references, greater than orequal to 20 are equivalent and refer to tags according to embodiments ofthe present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention is of a system and method for providing securityand maintenance using a group of tagged devices. Specifically, thesystem and method includes communication and distance measurementbetween tags of a radio frequency identification system. The tags areconfigured to be included in a virtual group by a configurationmechanism such as an RFID reader. After configuration the RFID reader isoptionally removed. The signals between the tags preferably includepulse sequences, and the pulse sequences include a short train ofpulses, such as in ultra-wide band signaling. The signals are eitherbroadcast to all tags of the group within range or the signals areaddressed as unicast or multicast signals to one or more of the tags.

The principles and operation of a system and method of providingsecurity and maintenance using a group of RFID tags, according to thepresent invention, may be better understood with reference to thedrawings and the accompanying description.

Before explaining embodiments of the invention in detail, it is to beunderstood that the invention is not limited in its application to thedetails of design and the arrangement of the components set forth in thefollowing description or illustrated in the drawings. The invention iscapable of other embodiments or of being practiced or carried out invarious ways. Also, it is to be understood that the phraseology andterminology employed herein is for the purpose of description and shouldnot be regarded as limiting.

By way of introduction, principal intentions of the present inventionare to: provide robust, flexible and programmable group security, thatdoes not rely on the existence of an RFID reader but is based onrelatively low-cost active RFID tags. A group configuration is performedby an RFID reader including: adding an RFID tag to the group andreleasing the RFID tag from the group. Subsequent to configuration, thereader may be removed for instance to configure another group. The tagspreferably use ultra-wide band signal for precise monitoring ofdistances between the members of the group. When one of the tags of thegroup is moved an alarm is triggered. The tag switch by between anactive mode and a sleep mode to conserve battery power, complicating thetask of tag to tag intercommunication.

There are many applications where a group of tags need to be within aspecific range of distance from each other and a violation of this rangeis a reason for an alarm, notification or disabling a device attached orwirelessly connected to one or more of the tags. Examples of devicesthat can be disabled include portable computers, cellular phones or anyother device whose level of activity can be changed by a commanddirectly or indirectly from an RFID tag. The distance between groupmembers, in typical applications, can be several centimeters in oneapplication, or several tens of meters in another application typicallyup to about hundred meters using conventional ultra-wide band signaling.

The present invention is applicable to (but not limited by): a kit ofdevices/objects assembled in a factory to be sent elsewhere, and all theitems of the kit must be transported together, for example a kit ofelements for manufacturing an airplane part. If even one element ismissing from the kit, the airplane part cannot be assembled. It ishighly desirable to make sure that all items of the kit are present andaccounted for, possibly within a given distance from one to the other.Even if one element of the kit is missing a security breach oroperational error may be in progress.

A group of soldiers going out to a mission. It is imperative that thesoldiers of the group are not separated by too large distance from thegroup. If one of the soldiers is lost or injured it is important thatthe members of the group are alarmed. It is further useful in suchapplication to notify the distance of the missing soldier of the groupone from each other and in this way the missing soldier is more easilylocated.

An array of wireless sensors, that together perform a monitoringfunction, and it is required to constantly verify that none of thewireless sensors is moved, stolen, disabled or modified, or otherwisetampered with.

A set of computers and peripherals, lab equipment including a computingor test set-up where one wants to verify constantly that none of thedevices is moved or stolen.

A payment device such as wireless smart card and additional verificationone or more tags that are used to authenticate the smart card. If thesmart card is at a long distance from such authenticating devices, itcannot function; in this way, if the smart card is stolen, the thiefcannot use it.

Referring now to the drawings, FIG. 2 a illustrates an embodiment of thepresent invention. Six RFID tags numbered 30-35 are communicating in amesh network 200. One or more of RFID tags 30-35 are respectivelyattached to or integrated with devices (not shown). Two RFID tags 30 and31 are typically communicating with each other. RFID tag 30 communicateswith tags 34 and 35 while tag 31 communicates with tags 32 and 33.Typically, tags 34 and 35 are in communication with each other and tags32 and 33 are in communication with each other. However, tags 34 and 35are not in communication with tags 32 and 33, for instance because thedistance is too large. Typically, when any one tag is in communicationrange with another tag, the one tag occasionally interrogates the othertag. As soon as the one tag is moved beyond the previously determinedallowed distance range between the tags, one or both of the RFID tags inintercommunication sends a message to a central controller if presentand/or triggers an alarm e.g. a light or sound alarm. Another embodiment201 of the present invention is illustrated in FIG. 2 b. In embodiment201, each of five tags 20-24, optionally attached to respective devices(not shown) are in communication with each other. Embodiment 201 isfully connected or redundant.

Reference is now made to FIG. 3, a drawing of a process 300 according toan embodiment of the present invention. According to an embodiment ofthe present invention, tags are attached (step 301) to a group ofelements (or devices) for securing the elements, a monitor or reader 210is used for configuring (step 303) the group of tags and after initialconfiguration, reader 210 is optionally removed (step 305) from thegroup and the group maintains security independent of reader 210. Thegroup is configured (step 303) by a command typically sent by aultra-wide band RFID reader, to the RFID tags. The communicationsbetween the tags are preferably synchronized (step 307) prior tomonitoring (step 309). Monitoring (step 309) preferably includesaccurate determination of distances between the tags. If one of thedetermined distances is not within a previously determined range analarm is generated (step 311).

The alarm condition or log of alarms is optionally queried (step 313) byreader 210.

According to an embodiment of the present invention during configuration(step 303) of the group, each time one tag is interrogated by reader210, the list of group members known to the interrogated tag is uploadedfrom that tag to reader 210. The reader 210 can check the presence ofall the other tagged items in the group by interrogating them. Thereader 210 does not necessarily possess a priori the complete list ofgroup members. In some embodiments of the present invention reader 210may receive the complete list of group members by performing a broadcast“collect all” interrogation command to all tags optionally those whichare matching some selection criteria within a configuration range.

According to embodiments of the present invention, after configuration(step 303), the reader 210 is typically not available, not necessary andtypically removed (step 305) from group 200, 201. A real time alarmoccurs when one or more of the tagged devices is taken from group 200,201 even in the absence of reader 210.

Systems 200 and 201 in preferred embodiments employ ultra-wide band RFIDtechnology. Each device belonging to group of objects being secured istagged (step 301) with an ultra-wide band RFID active tag. Furthermoreeach tag is able to communicate with other tags using ultra-wide bandcommunication, as well as perform a ranging measurement using round tripdelay time measurement similar to the methods disclosed in PCTInternational Patent Application Publication No. WO 2003/098528. A tagsearches in the time domain to find an ultra-wide band signal of a knownpattern, and when it does, the tag synchronizes (step 307) e.g. its wakeup period, with other tags of group 200, 201. During configuration (step303), one of the tags is selected as the first interrogator in thecycle; once it has completed its interrogation of the other members, itwill pass the role of interrogator to another tag.

The group of tags can be symmetrical, that is each tag interrogatesequally all the other tags, or the group is asymmetrical when one tag isresponsible for interrogating the other tags, accordingly as determinedduring configuration (step 303). However if the configuring tag isremoved or not functioning, then another tag in the group is configuredto be the current ‘interrogator’. Thus it is feasible to obtain groupsecurity without necessitating the constant presence of a reader 210.

An implementation of embodiments of the present invention based onultra-wide band signaling of active RFID tags, preferably includes thefollowing main characteristics: Each tag can receive and transmitultra-wide band signals. A tag can communicate with another tag andpreferably all other tags in the group. In an efficient protocol eachtransmitting tag sends a broadcast message, to which all other tagsrespond, and the originating tag gets immediate information regardingall other tags in the group. This however requires a sophisticated tagreceiver processing. In another protocol, each tag transmits a unicastmessage and receives a response from only one other tag, which in turnis responsible for communicating with the next tag, and so on. Forinstance in embodiment 201, tag 24 is queried by tag 23, tag 23 isqueried by tag 22, tag 22 is queried by tag 21, tag 21 is queried by tag20 and tag 20 is queried by tag 24. In another protocol, each tag (inhis turn) queries each of the other tags.

Such a query cycle may occur once every time interval of ˜1 to ˜10minutes, as an example. A list of tags in the group is preferablyprovided to each tag of the group during configuration (step 303) of thegroup, or at least each tag knows another tag with which to communicate.Each tag of the group preferably receives the list including all membersof the group in case one of the tags is not present or non-functional.Each tag preferably waits (for instance before entering sleep mode)until an interrogating packet is received since the list of tags ispreferably cyclic. In this way, each tag is informed about thecompleteness of the group. Each tag in order to conserve power ispreferably active only part of the time in order to reduce powerconsumption. According to one embodiment of the present invention, timeis typically divided into frames, the length of a frame is for examplehalf a second. Each one second frame is divided into active part ofshort duration (e.g. 10 millisecond) and inactive or sleeping part of(490 millisecond). Every tag that enters the active state is either atransmitting tag or a responding tag during the active part of theframe.

According to preferred embodiments of the present invention, aninteractive and iterative time synchronization (step 307) algorithm forthe group of tags is preferably employed. Synchronization (step 307)allows for the tags of the group to intercommunicate with each otherduring a previously determined time interval. When the tags alternatebetween ‘sleep’ and ‘active’ modes, as is often the case with activeRFID tags equipped with a low cost battery, synchronization (step 307)algorithm can shift active times in such a manner that the active timesof all tags of the group coincide. Consequently, querying of all thetags doesn't require waiting for some of the tags to “wake up”. Such asynchronization (step 307) algorithm can be based on the followingprinciples: each tag, when configured, first starts its operation byturning on for e.g., 10 seconds, during which the tag searches tosynchronize based on ‘beacon’ signals; subsequently, the tag wakes upperiodically according to the period of the beacon signals since theperiodicity is configured in advance. To generate the beacon signals,either one of the tags in the group is designated as the transmitter ofrepetitive short messages, or all the tags in the group share the taskof transmitting the repetitive short messages typically in a‘round-robin’ manner.

Each packet that is transmitted at the beginning of a frame ispreferably used to synchronize (step 307) the listeners, i.e. all, theother tags that did not transmit during the frame. In case the listeningtag receives transmissions from two or more other tags, the listeningtag synchronizes (step 307) to the earliest (or alternatively thelatest) among the received transmissions thus improving stability andavoiding problems associated with timing loops.

Another possibility for overall synchronization (step 307) can be basedon the tags getting a ‘time signal’ from reader 210, duringconfiguration (step 303). Receiving a time signal simplifies theconditions for maintaining time synchronization afterwards.

Each tag decides if it will be a transmitter for the next frame, and thedecision is random, i.e. each tag device randomly decides if it is atransmitter or not according to a certain probability. The probabilitypreferably is inversely proportional to the number of tags in the group.The simplest algorithm to limit congestion of the requests is based onthe number of known neighbors. The probability of transmission isinversely proportional to the number of neighbors. Improved congestioncontrol can be performed by analyzing traffic information within thegroup.

A responding tag may simultaneously detect two or more received signals,namely ultra-wide band packets from other tags. It is not necessary thatthe responding tag responds both received signal packets. The respondingtag will arbitrarily choose one signal to respond to and wait for theother transmitted packet to be retransmitted. Consequently tags arepreferably not programmed to generate (step 311) an alarm at the momentthat an expected transmission is not detected. The following (exemplary)protocol tests if a tag is absent from the group: Each transmitting tagtransmits the list of tag identifiers and the latest time for which atransmission is detected from each tag. Each receiving tag adds to thelist of tags based on any received transmissions. The list each tag istransmitting is composed of the list it heard from the previous tags,which is a collection of all data known to that other tag, and its ownreceived tags. In this way, information of the existence and range oftags spreads quickly and efficiently throughout group 200, 201, thusafter a few frames, if a tag of the group currently not listed by anyother tag, then an alarm condition is created. Further checks can bedone using direct unicast to the non-responding tag using the tag thatlast communicated successfully with the unresponsive tag to verify lackof response.

Due to practical limitations, the number of packets that can beprocessed concurrently is limited by the memory and processor resourcesin the tags of the group. Typically, unicast and/or multicastinterrogation transmissions (and not broadcast transmissions) are usedto limit the processing required to simultaneously process multipleresponses from other tags.

The tags preferably not only listen to requests, but to all traffic thatcan be detected, including other tags responses to requests. As aresult, the group rapidly acquires information and may relay theinformation as required.

Usually a transmitted packet requires a response from all addressedtags. By using prior knowledge, the transmitting tag has theresponsibility to limit the number of responses to an optimal number byusing a random group division. The random group division method ensuresthat the group never exceeds the maximum traffic allowed by theprotocol, and improves reliable reception of the responses.

Reference is now also made to FIG. 4, which illustrates an alarm systemattached to one or more of the tags. The connection to the alarm systemmay be wired as in alarm 401 or wireless to wireless alarm system 402.In a preprogrammed schedule, each tag of the group interrogates theother tags of the group using either unicast, multicast or broadcastcommand, and tests each for presence and for being in a preprogrammedauthorized range. In embodiment 200, (FIG. 2 a) each tag measures theround-trip delay to four other tags preferably using ultra-wide bandsignaling according to the teachings of WO2003/098528. If maximum rangeis violated, an alarm state is reached. The alarm is communicated to theexternal world using sound, light, or if there is reader 210 in thearea, using an alarm message or interrupt. Alternatively, if there is noreader 210 an alarm is generated using an alarm system 401, 402. In analternative embodiment, a device e.g. cellular telephone connected toone of the tags may generate an alarm.

According to another embodiment, there is also an option to store (step311) the alarm condition in a log file in the tag, and when queried(step 313), the tag reports the alarm condition.

According to another embodiment of the present invention, a device, e.g.cellular telephone is locked when the tag attached to the device isplaced or found in an alarm condition. An unauthorized user is preventedfrom using the locked device, since even if the tag of the locked deviceis disabled, the locked device is typically only used with other taggeddevices of the same group. Moreover, the other tagged devices of thesame group as the locked tagged device will typically also receivenotification of the alarm and will not establish normal communicationswith the locked device of the group. Furthermore, if the locked taggeddevice is not present, or present at an incorrect range, or removed fromthe group, the locked device remains locked and cannot be used. It isunderstood that cryptographic algorithms can be added to strengthen thelocking mechanism against possible tampering attempts to unlock thelocked device.

Group Configuration:

In a kit preparation process, a user is using a software applicationthat presents to the user a list of all relevant tagged items (e.g. inthe warehouse). Using the application, the user selects items and placesthe items into a group by clicking on an item presented on the display,and adds the clicked item to the list of items in the kit. Afterwardsthe software application configures (step 303) the group of taggeditems, by wireless commands preferably sent by reader 210. The group mayalso be programmed to check for the authorized users of the groupaccording to a certain schedule. Once the group is brought together, acommand is issued to activate monitoring activity (step 309). Similarly,in a security application, a user uses a software application thatpresents all tagged items in the facility, and the user selects items asmembers of a group and then activates the group.

In another configuration, the group of tagged items or part of the groupis brought first to be in the vicinity of reader 210, or reader 210 isbrought to the vicinity of the tagged items. Reader 210 presents to theuser the list of items in range, and the user selects the desired groupmembers. If only a part of the group was configured, reader 210 or adifferent reader 210 is moved to the vicinity of the other groupmembers. At the end of item selection, or at any other time, reader 210is commanded to activate the group.

In still another example of configuration (step 303), reader 210, e.g.handheld is brought to the vicinity of a tagged item to be placed in thegroup. The user types in an identifier of the item and reader 210commands the item to be part of the group. Alternatively an identifierwas preprogrammed, into handheld reader 210. The group may be configuredby bringing the tagged items together within a previously defined rangeand the group is configured automatically activated by a button or by acommand to include all tagged devices within the range. The tagged itemsof the group are further programmed during configuration (step 303)regarding other parameters, such as what constitutes an alarm situationand what to do in case an alarm situation occurs.

Group Release:

Reader 210 can program a tagged item to detach from the group. Such acommand should be transmitted to all tagged devices to check for thepresence of the tagged item. Such a command typically requires asecurity mechanism, such as encryption and/or cryptographicauthentication using any well known protocol in order to allow a taggeddevice to securely detach from the group.

Other Causes for Alarm Event:

System 201, 202 can be enhanced with additional security measures suchas a tamper detection apparatus integrated with the tags and/or taggeddevices. In case the tamper detection sensor detects a disabling attemptor detaching attempt of the tag from the item, the tag issues an alarmcondition such as by transmitting (step 311) the alarm using a wirelesslink to all the other tags in the group.

Partial Group Maintenance:

Even after a first alarm condition, when one or more of the groupelements is missing/malfunctioning or tampered with, the rest of thegroup can be still maintained active to transmit (step 311) an alarm ornotify the application upon detection of additional alarm events. It isuseful to maintain a log file at each tag for logging of alarm events.

As such, those skilled in the art will appreciate that the conception,upon which this disclosure is based, may readily be utilized as a basisfor the designing of other structures, methods and systems for carryingout the several purposes of the present invention. It is important,therefore, that the claims be regarded as including such equivalentconstructions insofar as they do not depart from the spirit and scope ofthe present invention.

While the invention has been described with respect to a limited numberof embodiments, it will be appreciated that many variations,modifications and other applications of the invention may be made.

1. A method comprising: intercommunicating among tags in a group of tagsusing radio frequency communication; assigning an interrogator role fora selected tag within the group of tags that causes the selected tag tointerrogate other tags within the group of tags, wherein interrogatingthe group of tags comprises: determining a distance from a first tag asecond tag using the intercommunicating; triggering an alarm state whenthe distance is greater than a threshold distance; and passing theinterrogator role to another tag within the group of tags.
 2. Themethod, according to claim 1, wherein the intercommunicating among thetags is based on ultra-wide band signals.
 3. The method, according toclaim 1, wherein the determining of the distance is performed bymeasuring a round trip delay time between transmitting a transmittedsignal to the second tag and receiving a response signal in response tothe transmitted signal from the second tag.
 4. The method, according toclaim 1, wherein the determining is performed by measuring a time delaybetween transmitting a unicast ultra-wide band message and receiving aunicast ultra-wide band response message.
 5. The method, according toclaim 1, wherein the intercommunicating relays information regardingcompleteness of the group between the tags of the group.
 6. The method,according to claim 1, further comprising: providing a configurationmechanism for configuring the group; configuring the group of the tagsby performing at least one task selected from the group of tasksconsisting of (i) adding a tag to the group, (ii) removing at least oneof the tags from the group, (iii) programming at least one of the tagsto intercommunicate with at least one other tag and (iv) storing in atleast one of the tags a parameter proportional to the thresholddistance. upon completing the configuring, removing the configurationmechanism, whereby the tags maintain security by the intercommunicating.7. The method, according to claim 1, further comprising: synchronizingthe tags wherein each of the tags transmits and receives duringcoinciding, periodic time intervals.
 8. The method, according to claim7, the synchronizing is performed by transmitting beacon signals from atleast one of the tags to at least one other of the tags.
 9. The method,according to claim 7, further comprising: switching at least one of thetags into a sleep mode outside of the previously determined timeinterval and switching to an active mode during the previouslydetermined time interval, thereby conserving battery power.
 10. Themethod, according to claim 1, wherein the intercommunicating includesselecting either multicast or broadcast transmitted messages, wherein adecision to transmit within a time frame is probabilistic based on anestimate of traffic within the group.
 11. The method, according to claim1, wherein the intercommunicating includes selecting either multicast orbroadcast transmitted messages, wherein a decision to transmit within atime frame is deterministic according to a previously defined orderingalgorithm.
 12. The method, according to claim 1, wherein theintercommunicating includes using unicast ultra-wide band transmittedmessages and receiving unicast response messages to relay informationregarding completeness of the group, wherein the intercommunicating isperformed during a time interval, wherein the time interval issufficiently long so that a first tag of the group to interrogatereceives an interrogation signal from a last of the group tointerrogate, and wherein outside said time interval the tags within thegroup switch into a sleep mode, thereby conserving battery power. 13.The method, according to claim 1, wherein the alarm state is selectedfrom the group consisting of a sound, a light, an alarm record stored inat least one of the tags, a transmitted alarm message, and a commandmodifying the operation of a device operatively attached to one of thetags.
 14. The method, according to claim 1, wherein the alarm state islogged as an alarm record in memory of at least one of the tags, thealarm record is retrieved upon querying by a reader in temporarycommunication with at least one of the tags.
 15. A tag comprising:processing circuitry; a radio frequency transceiver; and an alarmmechanism; wherein the processing circuitry is configured to: controlthe radio frequency transceiver to intercommunicate with a group oftags, and implement an interrogator role that causes the radio frequencytransceiver to interrogate the group of tags, wherein being configuredto interrogate the group of tags comprises being configured to:determine a distance to at least a second tag in the group of tags usingthe intercommunicating; and control the alarm mechanism to trigger analarm state when the distance is greater than a threshold distance; andpass the interrogator role to another tag within the group of tags. 16.The tag according to claim 15, wherein the distance is determined bymeasuring a round trip delay time between transmitting a transmittedsignal to the second tag and receiving a response signal in response tosaid transmitted signal from the second tag.
 17. The tag according toclaim 15, wherein the tag is included within a system, the systemfurther comprising a configuration mechanism operative to perform a taskselected from the group of tasks consisting of: (i) adding a tag to thegroup, (ii) removing at least one of the tags from the group, (iii)programming at least one of the tags to intercommunicate with at leastone other tag and (iv) storing in at least one of the tags a parameterproportional to the threshold distance.
 18. The tag according to claim15, wherein being configured to control the radio frequency transceiverto intercommunicate includes using unicast ultra-wide band transmittedmessages and receiving unicast response messages to relay informationregarding completeness of the group, wherein the intercommunicating isperformed during a time interval, wherein the time interval issufficiently long so that a first tag of the group to interrogatereceives an interrogation signal from a last of the group tointerrogate, and wherein outside the time interval the tags within thegroup switch into a sleep mode, thereby conserving battery power. 19.The tag according to claim 15, wherein the alarm state is selected fromthe group consisting of a sound, a light, an alarm record stored in atleast one of the tags, a transmitted alarm message, and a commandmodifying the operation of a device operatively attached to one of thetags.